package com.study.springsecurity.controller;

import com.alibaba.fastjson.JSON;
import com.study.springsecurity.utils.SecurityContextUtil;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.Collection;

/**
 * 业务接口层
 */
@RestController
public class BusinessController {

    @PreAuthorize("hasPermission(#id, 'QUERY')")
    @GetMapping("findAll")
    public String findAll(String id) {
        String userName = SecurityContextUtil.getUserName();
        Collection<GrantedAuthority> userAuth = SecurityContextUtil.getUserAuth();
        return String.format("接口：findAll，访问人：%s，访问者权限：%s", userName, JSON.toJSONString(userAuth));
    }

    @PreAuthorize("hasPermission(#id, 'TABLE', 'QUERY')")
    @GetMapping("find")
    public String find(String id) {
        String userName = SecurityContextUtil.getUserName();
        Collection<GrantedAuthority> userAuth = SecurityContextUtil.getUserAuth();
        return String.format("接口：find，访问人：%s，访问者权限：%s", userName, JSON.toJSONString(userAuth));
    }
}
